The Compass is a neutral technical layer. Our commitments to your data are enforced at the architecture level, not at the level of promise.
Personal healthcare information never leaves your jurisdiction. Residency is architectural (per-region database clusters, network policy, and a gateway-level RegionGuard), not a configurable setting.
Your health record belongs to you. A clinician sees it only with your explicit consent, and it is correction-only — a correction is added as a new entry, never by deleting or overwriting what came before.
Every read, every write, and every change to your data is recorded in the audit_log table under an INSERT-only policy. No user holds UPDATE or DELETE rights on this table — not even the database administrator.
The Compass is never a party to the financial chain between patient and provider. The booking-confirmation fee is paid directly to the provider's facilitation merchant account through Moyasar, and the Compass receives only a webhook to activate the booking.
This page is a summary of the platform's architectural privacy commitments. The full legal text is under review by the legal team against the Saudi Personal Data Protection Law (PDPL) and SDAIA references, and will be published here once approved.